Are you concerned about cybercriminals infiltrating your network, or having your servers or PCs compromised by malware? If you’re not you should be. What might surprise you, though, is the fact that the greatest risk to your network and PCs is actually your own users.

If you look back at the biggest data breaches and network security incidents over the last few years, it seems that the root cause of most—the “patient zero”—is a result of actions by individual users. Either intentionally or inadvertently, users are in a position to expose information and compromise PCs with a single errant click.

A study conducted by Osterman Research discovered that many IT admins are concerned about the potential threat introduced by user behavior. The risk of employees introducing malware to the company network was cited as a major concern by more than half of those surveyed. Nearly three-fourths stated that their network has been penetrated by malware as a result of Web surfing, and almost two-thirds declared that they had been compromised through email, just in the past year.

Often, however, the risky behavior is really just a side effect of attempts to work more efficiently. For example, users upload files to consumer-oriented services like Dropbox so they can continue working on them from home, or know that they’ll have access to important data while visiting a client site.

One study found that 87 percent of executives send company data or emails to personal cloud accounts so they can work from home or on the road. A shocking 58 percent admit that they have accidentally sent sensitive data to the wrong destination. The organization can minimize the risk of sensitive data being exposed or compromised by providing users with a comparable solution that is more secure.

User awareness remains one of the most effective tools available for protecting company assets and data. Organizations need to make sure users understand the importance of protecting sensitive data and safeguarding company assets, and that they’re aware of how their actions impact the overall security for the whole organization.

Stopping there, however, is a recipe for disaster. Users will continue to circumvent policies and find a way to get things done despite the IT department. It is equally important for IT personnel to engage with users to understand how and why they do what they do. Rather than being the draconian police who make everyone’s life difficult, IT needs to take on a role of facilitating and enhancing business processes by providing users the tools they need to do the job properly and securely.